/**
 * 
 */
package com.et114.modules.org.services;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.acegisecurity.Authentication;
import org.acegisecurity.concurrent.SessionRegistry;
import org.acegisecurity.ui.logout.LogoutHandler;

import com.et114.components.acegi.AcegiContext;
import com.et114.components.acegi.Constants;
import com.et114.modules.org.utility.SessionUserInfo;

/**
 * @author guanhw
 */
public class OrgSessionLogoutHandler implements LogoutHandler {
	private SessionRegistry	sessionRegistry;
	/* (non-Javadoc)
	 * @see org.acegisecurity.ui.logout.LogoutHandler#logout(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.acegisecurity.Authentication)
	 */


	/**
	 */
	public void logout ( HttpServletRequest request ,
			HttpServletResponse response , Authentication authentication ) {
		HttpSession session = request.getSession( false );
		if ( session != null ) {
			// 因为使用了concurrentSessionController 在限制用户登陆,所以登出时移除相应的session信息
			if ( AcegiContext.getOrgSingleUser ( ) == true  ) {
				String logn = ( ( SessionUserInfo ) session .getAttribute ( Constants.SESSION_CURRENT_USER_KEY ) ).getLoginName ( );
				OnLineUserListener.getInstance ( ).deleteUser ( logn ) ; 				
			}
			sessionRegistry.removeSessionInformation( session.getId() );
			request.getSession().invalidate();
		}
	}

	public void setSessionRegistry ( SessionRegistry sessionRegistry ) {
		this.sessionRegistry = sessionRegistry;
	}
}
